Software developer Bob outsources own job and whiles away shifts on cat
videos
Verizon's hunt for firm's mysterious hacker exposes 'top worker' at firm
who let Chinese consultants log on to do his daily work
guardian.co.uk, Wednesday 16 January 2013 18.12 GMT
When a routine security check by a US-based company showed someone was
repeatedly logging on to their computer system from China, it naturally
sent alarm bells ringing. Hackers were suspected and telecoms experts
were called in.
It was only after a thorough investigation that it was revealed that the
culprit was not a hacker, but "Bob" (not his real name), an "inoffensive
and quiet" family man and the company's top-performing programmer, who
could be seen toiling at his desk day after day and staring diligently
at his monitor.
For Bob had come up with the idea of outsourcing his own job – to China.
So, while a Chinese consulting firm got on with the job he was paid to
do, on less than one-fifth of his salary, he whiled away his working day
surfing Reddit, eBay and Facebook.
The extraordinary story has been revealed by Andrew Valentine, senior
investigator at US telecoms firm Verizon Business, on its website,
securityblog.verizonbusiness.com.
Verizon's risk team was called by the unnamed critical infrastructure
company last year, "asking for our help in understanding some anomalous
activity that they were witnessing in their VPN logs", wrote Valentine.
The company had begun to allow its software developers to occasionally
work from home and so had set up "a fairly standard VPN [virtual private
network] concentrator" to facilitate remote access.
When its IT security department started actively monitoring logs being
generated at the VPN, "What they found startled and surprised them: an
open and active VPN connection from Shenyang, China! As in this
connection was live when they discovered it," wrote Valentine.
What was more, the developer whose credentials were being used was
sitting at his desk in the office.
"Plainly stated, the VPN logs showed him logged in from China, yet the
employee is right there, sitting at his desk, staring into his monitor."
Verizon's investigators discovered "almost daily connections from
Shenyang, and occasionally these connections spanned the entire workday".
The employee, whom Valentine calls Bob, was in his mid-40s, a "family
man, inoffensive and quiet. Someone you wouldn't look twice at in an
elevator."
But an examination of his workstation revealed hundreds of pdf invoices
from a third party contractor/developer in Shenyang.
"As it turns out, Bob had simply outsourced his own job to a Chinese
consulting firm. Bob spent less than one-fifth of his six-figure salary
for a Chinese firm to do his job for him."
He had physically FedExed his security RSA "token", needed to access the
VPN, to China so his surrogates could log in as him.
When the company checked his web-browsing history, a typical "work day"
for Bob was: 9am, arrive and surf Reddit for a couple of hours, watch
cat videos; 11.30am, take lunch; 1pm, eBay; 2pm-ish, Facebook updates,
LinkedIn; 4.40pm–end of day, update email to management; 5pm, go home.
The evidence, said Valentine, even suggested he had the same scam going
across multiple companies in the area.
"All told, it looked like he earned several hundred thousand dollars a
year, and only had to pay the Chinese consulting firm about fifty grand
annually".
Meanwhile, his performance review showed that, for several years in a
row, Bob had received excellent remarks for his codes which were "clean,
well written and submitted in a timely fashion".
"Quarter after quarter, his performance review noted him as the best
developer in the building," wrote Valentine.
Bob no longer works for the company.
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nett...@kein.org